{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-12-16T01:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://moodle.org/mod/forum/discuss.php?d=139107"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes"}, {"name": "ADV-2009-3455", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3455"}, {"name": "37614", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37614"}, {"name": "FEDORA-2009-13065", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html"}, {"name": "FEDORA-2009-13040", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html"}, {"name": "FEDORA-2009-13080", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html"}, {"name": "37244", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37244"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4302", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://moodle.org/mod/forum/discuss.php?d=139107", "refsource": "CONFIRM", "url": "http://moodle.org/mod/forum/discuss.php?d=139107"}, {"name": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes", "refsource": "CONFIRM", "url": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes"}, {"name": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes", "refsource": "CONFIRM", "url": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes"}, {"name": "ADV-2009-3455", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3455"}, {"name": "37614", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37614"}, {"name": "FEDORA-2009-13065", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html"}, {"name": "FEDORA-2009-13040", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html"}, {"name": "FEDORA-2009-13080", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html"}, {"name": "37244", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37244"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:01:18.934Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://moodle.org/mod/forum/discuss.php?d=139107"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes"}, {"name": "ADV-2009-3455", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3455"}, {"name": "37614", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37614"}, {"name": "FEDORA-2009-13065", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html"}, {"name": "FEDORA-2009-13040", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html"}, {"name": "FEDORA-2009-13080", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html"}, {"name": "37244", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37244"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4302", "datePublished": "2009-12-16T01:00:00Z", "dateReserved": "2009-12-11T00:00:00Z", "dateUpdated": "2024-09-16T19:25:34.504Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "492A28FE-A2F8-4FF7-AC5B-0C3F5508506D", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "28A897CA-3D8F-4575-BBD2-1C0C5A2ECC99", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "A4A3A5D9-D96E-46B3-AC22-25045564EB96", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF91F8EA-1737-4E11-9931-ACAFB4BC0018", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "1E81E148-5710-439C-8A1A-884D27640AAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "DE2C0217-A25A-4D0A-8CC6-64DEBC9E198F", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "7949FC50-81B9-44AD-BB1B-91D025B34FF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "83AA5D08-CF62-45A8-A8FE-18F76BA8ECA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "2C61F076-71AC-4AEF-BECF-9EF0B05CEB77", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "24F2602B-8ED3-4026-A9A4-31BE8BDC7724", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "D7F24649-B67F-4809-9F54-7B623AEF5A4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "6B81655E-C3B5-4115-A4C4-B7AC2FCDAB7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "ED9C3840-66BE-47EC-9F0C-E9D2171FF0B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBD062EB-1B1F-4DC8-A4F9-C2EC7D401E9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "291F73E9-1059-4E7F-860F-0DF2A35AA456", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing."}, {"lang": "es", "value": "login/index_form.html en Moodle v1.8 anteriores a v1.8.11 y v1.9 anteriores a v1.9.7 enlaza a una pagina inicial en un puerto HTTP incluso cuando la pagina es servida desde un puerto HTTPS, lo que podr\u00eda causar que las credenciales fuesen enviadas en texto plano, incluso cuando el env\u00edo SSl este previsto, lo que permitir\u00eda atacantes obtener esas credenciales mediante la interceptaci\u00f3n."}], "id": "CVE-2009-4302", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-12-16T01:30:00.453", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://moodle.org/mod/forum/discuss.php?d=139107"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37614"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/37244"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3455"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://moodle.org/mod/forum/discuss.php?d=139107"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37614"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/37244"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3455"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "Moodle: Multiple security fixes in 1.9.7 and 1.8.11 upstream releases", "id": "544766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=544766"}, "csaw": false, "details": ["login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing."], "name": "CVE-2009-4302", "public_date": "2009-11-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-4302\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-4302"], "threat_severity": "Moderate"}